Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#1 Bryan Ekman

    Creative Director

  • Developer
  • Developer
  • 1,106 posts
  • Twitter: Link
  • LocationVancouver, BC

Posted 13 December 2012 - 04:14 PM

It has come to our attention that a vulnerability in our licensed forum software allowed a malicious redirect script to be injected.
  • This has been discovered and removed.
We understand that you are very concerned about your private information, including email addresses, passwords and credit card information.



We can confirm:
  • At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  • PGI and IGP does not store, nor have access to any user credit card information.
  • Account passwords are encrypted, salted, peppered and stored in databases not affected by today’s incident.
Web and forum access to our site is now back to normal.



We’re sorry for any inconveniences this may have caused.

The MechWarrior Online Team

Edited by Kyle Polulak, 13 December 2012 - 07:52 PM.
S&P


#2 anonymous175

    Member

  • PipPipPipPipPipPipPipPip
  • Bad Company
  • 1,195 posts

Posted 13 December 2012 - 04:16 PM

Cool

#3 Crazycajun

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 356 posts
  • Facebook: Link
  • LocationLouisiana

Posted 13 December 2012 - 04:17 PM

10-4 big buddy ...

Now back to our regularly schedule mech destructing and killing sprees

#4 Pyrrho

    Member

  • PipPipPipPipPipPipPip
  • Bad Company
  • 854 posts

Posted 13 December 2012 - 04:17 PM

Straight from the Ekman's mouth.

#5 Insidious Johnson

    Member

  • PipPipPipPipPipPipPipPipPip
  • Bad Company
  • Bad Company
  • 2,417 posts
  • Location"This is Johnson, I'm cored"

Posted 13 December 2012 - 04:17 PM

Excellent turn around from start to end. Good job PGI. Now, about the rest of the bugs...

#6 Stone Wall

    Member

  • PipPipPipPipPipPipPipPip
  • Veteran Founder
  • Veteran Founder
  • 1,863 posts
  • LocationSouth Carolina, USA

Posted 13 December 2012 - 04:17 PM

PGI always on the ball.

#7 xxx WreckinBallRaj xxx

    Member

  • PipPipPipPipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 3,852 posts

Posted 13 December 2012 - 04:19 PM

If Emails weren't compromised, then how did someone send us that [Redacted] Windows 8 fail Email? Just curious.

View PostCrazycajun, on 13 December 2012 - 04:17 PM, said:

10-4 big buddy ...

Now back to our regularly schedule mech destructing and killing sprees


And forum trolling.

Edited by Niko Snow, 13 December 2012 - 06:09 PM.
And forum moderating.


#8 Dirk Le Daring

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,083 posts
  • LocationAustralia

Posted 13 December 2012 - 04:20 PM

Good to read. Thanks for keeping us informed.

#9 Axeman1

    Member

  • PipPipPipPipPipPip
  • Knight Errant
  • 323 posts

Posted 13 December 2012 - 04:20 PM

I was going to buy MC but someone in another thread said their paypal was compromised after they did...

#10 Odins Fist

    Member

  • PipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 3,111 posts
  • LocationThe North

Posted 13 December 2012 - 04:21 PM

Thank You...

#11 shabowie

    Member

  • PipPipPipPipPipPipPip
  • 877 posts

Posted 13 December 2012 - 04:22 PM

View PostBluten, on 13 December 2012 - 04:19 PM, said:

If Emails weren't compromised, then how did someone send us that BS Windows 8 fail Email? Just curious.


I didn't receive that email.

#12 Stone Wall

    Member

  • PipPipPipPipPipPipPipPip
  • Veteran Founder
  • Veteran Founder
  • 1,863 posts
  • LocationSouth Carolina, USA

Posted 13 December 2012 - 04:22 PM

View PostAxeman1, on 13 December 2012 - 04:20 PM, said:

I was going to buy MC but someone in another thread said their paypal was compromised after they did...


people also call everything OP

#13 bug3at3r

    Member

  • PipPipPipPipPipPip
  • 275 posts

Posted 13 December 2012 - 04:22 PM

I never got the email.

#14 xenoglyph

    Member

  • PipPipPipPipPipPipPipPip
  • 1,480 posts
  • LocationSan Diego

Posted 13 December 2012 - 04:24 PM

Okay, so you're saying our emails were compromised by a script. How can we be sure our passwords weren't compromised as well? Also, it would be safe to assume that Moderator/Admin accounts had their auth cookies stolen during this time, potentially giving the attackers access to other things.

Why haven't you guys forced a password reset on all forum accounts since in game passwords are the same as forum passwords?

edit: I got the email on both of my forum accounts, including an account that hasn't logged on in WEEKS.

Edited by xenoglyph, 13 December 2012 - 04:24 PM.


#15 Myssi

    Member

  • PipPipPip
  • 98 posts
  • LocationFinland

Posted 13 December 2012 - 04:27 PM

Well, these things can happen but I'm still a bit worried about possible future issues with databases or forum software.
Why don't we have the ability to change our passwords? Some people, like me, prefer to change all their passwords on certain times.
Nearly all other services I use give me the chance to switch my passwords if I so want to. Including things like Battlelog from EA, multiple MMO's and other forums. Why not here?
I'm sure I'm not the only one who wanted to change his password today, just to be sure.

Yeah yeah, call me paranoid but I don't take even the possibility of my login information leaking lightly.
I'm sure the encryption is good and does it's best to keep our information safe, but these things have been cracked and\or leaked before in the history if internets.
Why is there no external authenticator available, like one Blizzard offers for battle.net. Smart phone app that gives you a code that you need to input before you can log in? Or even the external authenticator dongle thingie they, and few other MMOs, used.

The authenticator might be a bit far fetched for a free-to-play title, but at least the ability to change the password would be nice. Or am I just so blind that I can't find it in the mwomercs page?

Edit; so apparently you can change your password with the 'forgot password' function as Ter Ushaka and Tice Daurus pointed out. Okay, cool. I'd personally still prefer that there was more obvious way to do it.

Edited by Myssi, 13 December 2012 - 04:38 PM.


#16 OpCentar

    Member

  • PipPipPipPipPipPipPip
  • 547 posts

Posted 13 December 2012 - 04:28 PM

This is why linking game accounts to forum ones is/was a bad idea.

#17 ARCTICF0X

    Member

  • PipPipPip
  • 75 posts

Posted 13 December 2012 - 04:29 PM

Chrome still reporting site as unsafe. Cannot even view webpage.

IE doesn't have this problem for me.

#18 bug3at3r

    Member

  • PipPipPipPipPipPip
  • 275 posts

Posted 13 December 2012 - 04:31 PM

The ability to change passwords would be nice.

#19 RobarGK

    Member

  • PipPipPipPipPip
  • The Vicious
  • The Vicious
  • 183 posts
  • LocationNova Scotia, Canada

Posted 13 December 2012 - 04:33 PM

I also did not receive the email, and someone else said that they knew people who received the email.that had nothing to do with MWO.

#20 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 04:33 PM

To change password:
1. Log out
2. Go to log in
3. Click "forgot password."
4. Wait for email with further instructions.





10 user(s) are reading this topic

0 members, 10 guests, 0 anonymous users